diff options
| author | Jeremi Piotrowski <jpiotrowski@microsoft.com> | 2023-01-09 17:11:32 +0100 |
|---|---|---|
| committer | Simon McVittie <smcv@collabora.com> | 2023-01-09 20:03:29 +0000 |
| commit | 52b73d511b27de1fde3dd075af5d90393a1cd97d (patch) | |
| tree | 1303ac029aa0732efdf5741fafa1891b52216af0 | |
| parent | 237063358edd9175dfee7835cf4e4379edb8ebd2 (diff) | |
bus/selinux: Move vsnprintf call to avoid va_list reuse
In log_callback() the same va_list is reused for a call to vsnprintf and
vsyslog. A va_list can't be reused in this manner, such use is undefined
behavior that changes depending on glibc version.
In current glibc versions a segfault can be observed from the callsite at
bus/selinux.c:412. When trying to log a non-auditable event, the segfault
happens in strlen inside vsyslog.
Moving the call to vsnprintf closer to audit_log_user_avc_message (which is
followed by a 'goto out') avoids the reuse and segfault.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
| -rw-r--r-- | bus/selinux.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/bus/selinux.c b/bus/selinux.c index 359f69a7..16665f45 100644 --- a/bus/selinux.c +++ b/bus/selinux.c @@ -114,9 +114,6 @@ log_callback (int type, const char *fmt, ...) * syslog if OOM, like the equivalent AppArmor code does. */ char buf[PATH_MAX*2]; - /* FIXME: need to change this to show real user */ - vsnprintf(buf, sizeof(buf), fmt, ap); - switch (type) { case SELINUX_AVC: @@ -139,6 +136,8 @@ log_callback (int type, const char *fmt, ...) } if (audit_type > 0) { + /* FIXME: need to change this to show real user */ + vsnprintf(buf, sizeof(buf), fmt, ap); audit_log_user_avc_message(audit_fd, audit_type, buf, NULL, NULL, NULL, getuid()); goto out; |